
Protect Your Data With Encryption


Data security is a sensitive topic. The increasing number of operating system features and Web services introduces more options for accessing, modifying—and losing—data. Yet, many people don’t really have a true security plan in place for protecting their data.

What would you think if an unauthorized person gained access to your personal files? Would someone be able to find information that is meant for your eyes only? Would they be able to do harm? I’d guess that they probably could—at least, that’s the case with my personal files. Whether data is personal or business related, important files have to be secured, and that brings us to a potentially incredible solution: TrueCrypt.

Ways In

Most systems are not secure, even though known “security” measures such as Windows passwords, ZIP file passwords, BIOS passwords and FTP/Web passwords imply security. The truth is that everything that is handled or stored in plain text—which is the case for most of the examples above—can be bypassed. Windows passwords are stored in the system memory and only provide security as long as other ways of access, via network or USB, aren’t available. ZIP files can be accessed with some patience using brute-force attacks, and many Web services don’t use any encryption at all when handling login data. True security is only possible if data and transfers are protected with modern encryption algorithms using solid passwords.

Convenient Security

When I think about security products, I recall features such as the Trusted Platform Module on motherboards to validate systems, software, or users. There are components with integrated acceleration for encryption and decryption workloads; VIA’s Nano processor is a recent example. And then there are components that even come with built-in encryption: self-encrypting hard drives are popular, and Windows Vista supports BitLocker when you purchase the expensive Ultimate or Enterprise editions.

However, most solutions come with a catch. They either require you to purchase software or hardware, or you have to change the way you work on your system(s). In addition, not all security solutions are truly secure, as there are sometimes ways around security features, which compromise your data. External hard drives with built-in encryption sometimes have intended or unintended backdoors; other examples are mentioned above.

Why Test TrueCrypt?

TrueCrypt has been around as an open-source encryption tool for a few years. Its main application was the creation of so-called encrypted containers to store files in a secure manner. Containers can even be mounted as Windows drives in recent versions of the tool. With the introduction of TrueCrypt 6.0, the tool was given the ability to encrypt an existing Windows installation on the fly, which means adding an extra layer of security by encrypting the entire system drive or partition. In our tests, this worked really well. In fact, our positive experience was the impetus to write this article—we found subjectively that TrueCrypt wouldn’t even slow down your system despite real-time encryption and decryption of your entire system instance and data.

  • 3 Hide
    Executioner_bg , January 19, 2009 7:52 AM
    Hardcore security is hardcore. Very good article. Thanks for the info.
  • 1 Hide
    ecka , January 19, 2009 8:08 AM
    Nice software. Been using it for close to 3 years. No glitches. The only complaint/annoyance was that when upgrading from 5.x to 6.x, for security reasons I needed to re-encrypt encrypted external USB drives.
  • -1 Hide
    neiroatopelcc , January 19, 2009 10:38 AM
    Despite working with it every day, and being in charge of a fair amount of systems, I've never truly appreciated security measures. Sure I use passwords and the like, but I just don't really trust the security features. Probably so because I don't understand them.
    No matter how many of these here articles I read, I'll always be afraid to lock myself out of my data, or somehow lose the keys or whatever is needed. More security means higher risk of accidental loss. And I don't know enough about encryption to feel secure in a secured environment.
    So I prefer my Outlook PST file being a plain text file on a network drive secured with just NTFS restrictions. I know the file would be readable if someone'd steal the NAS system or get my Windows password, but that's just too unlikely to bother me.

    In short - probably a good piece of tech, but if more people are like me, they'd be too scared to even try it.
  • 0 Hide
    neiroatopelcc , January 19, 2009 10:39 AM
    Edit: Of course a man-in-the-middle attack, and other similar stuff, would also increase the risk of someone getting my sensitive data, but since they'll have to know a fair bit about the data to truly gain from it, that doesn't much bother me either.
  • 2 Hide
    Anonymous , January 19, 2009 11:15 AM
    Thanks for the review, I've been very interested in switching to an encrypted system drive.

    I'm still curious if you could go into more detail about where the bottlenecks are; e.g., how fast does the CPU have to be to bottleneck the hard drive?

    I find having TrueCrypt AES enabled limits throughput to 80MB/s on my E6600, 4x750GB RAID5 on 3ware vs 160MB/s unencrypted.

    I'd like to see more tests across different hardware configs to see what the crossover points are. When does CPU speed limit HD speed? Would upgrading to WD-RE3 drives and an i7-920 improve performance (well, obviously yes, but how much?)
    And when would the RE3's be bottlenecked by the CPU?

    The same applies to the mobile platform, does a faster CPU help? or is it still IO limited?
  • 4 Hide
    theblackbird , January 19, 2009 11:27 AM
    I've been using TrueCrypt for about 2 years now: system encryption as described in this article (password at bootup), and my whole data drive encrypted with a password and keyfile.

    I chose to work with such (hardcore) security measures because our privacy gets more and more threatened in these modern technology days. I like the privacy protection it offers a lot.

    But this is not for everyone. You really have to know what you're doing:
    - Forget your password: you're doomed.
    - Find out your rescue disk doesn't work in case of disk corruption: you're doomed.
    - Lose a keyfile: you're doomed.
    - Don't have a header backup, and header gets corrupted (got that once): you're doomed.

    You need the rescue ISO, headers and keyfiles securely backed up TWICE to prevent data loss, at all cost. It's something you have to take very seriously, or face the possible consequences of losing all your data forever.
  • 0 Hide
    neiroatopelcc , January 19, 2009 11:32 AM
    Now that last post just scares me! Makes me know exactly why I'm not thrilled with the whole security issue.
    I still dread the day I forget the master password for the offsite backup (can't be reset)
  • 1 Hide
    ecka , January 19, 2009 11:35 AM
    Yes, those issues would stop a normal user from using the software IF they knew about them. From my experience most of the standard users don't even read the quick start guides and then mumble that their new toy is crap. So I don't see this being widely used by normal users.
  • 2 Hide
    theblackbird , January 19, 2009 12:04 PM
    neiroatopelcc wrote: "Now that last post just scares me! Makes me know exactly why I'm not thrilled with the whole security issue. I still dread the day I forget the master password for the offsite backup (can't be reset)"


    Don't be too scared. Reading the info at trucrypt.org helps a lot. Invest a little time and you're safe. You just have to know how the system works, what you need to back up, and what to do when a failure occurs.

    I just wanted to warn the average Joe of implementing encryption, without knowing the consequences.
  • 1 Hide
    mike123abc , January 19, 2009 1:14 PM
    I use Vista BitLocker (Business/Ultimate). With a TPM module it is a pretty transparent function. Without a TPM you have to have a USB key (or type in a 48-digit code). It mainly works to keep your data private if your laptop is stolen. Of course Business/Ultimate costs real $$ if you do not have it already, and this looks like a nice free solution.
  • 1 Hide
    Shadow703793 , January 19, 2009 1:21 PM
    theblackbird wrote:
    "I've been using TrueCrypt for about 2 years now: system encryption as described in this article (password at bootup), and my whole data drive encrypted with a password and keyfile.
    I chose to work with such (hardcore) security measures because our privacy gets more and more threatened in these modern technology days. I like the privacy protection it offers a lot.
    But this is not for everyone. You really have to know what you're doing:
    - Forget your password: you're doomed.
    - Find out your rescue disk doesn't work in case of disk corruption: you're doomed.
    - Lose a keyfile: you're doomed.
    - Don't have a header backup, and header gets corrupted (got that once): you're doomed.
    You need the rescue ISO, headers and keyfiles securely backed up TWICE to prevent data loss, at all cost. It's something you have to take very seriously, or face the possible consequences of losing all your data forever."

    +1. I too have been using TrueCrypt for a few years and am very impressed with it.
  • 0 Hide
    abhinav_mall , January 19, 2009 1:47 PM
    I have just one question. What if Vista (not the boot loader of TrueCrypt) crashes and nothing works, like system restore, and I am left with doing a complete repair reinstall of Vista OS? Will that be possible? I just have a gut feeling that the Vista DVD won't recognize the TrueCrypt layer.
  • 3 Hide
    byebye , January 19, 2009 1:55 PM
    I found 1 flaw in your article (may not be the only flaw).

    "Password Limitations
    ...there is only one master password for the entire system...(wrong)... This means that it is not possible to create multiple, differently-encrypted system installations that are based on different Passwords...."

    You can have as many passwords to as many OS's as you want.
    It's at the beginning pages of the setup.
    It is actually recommended for the extreme paranoid (plausible deniability), where if you are captured and asked for the password, give them an OS that you use often but not the one that has the sensitive info on it.


    To abhinav_mall:
    the answer is yes.
  • 1 Hide
    naylom , January 19, 2009 4:45 PM
    I note at installation the article says you have to pick single or multi-boot, what happens if you want to add a new o/s later and become multi-boot from single boot?

    Would also be nice to see a comparison of this versus BitLocker for Windows users.
  • 0 Hide
    elerick , January 19, 2009 5:01 PM
    Let's say you lose your password or something along those lines. Can you reformat the drive?

    I'm curious because I have a few external drives as an IT professional. What options do I have to regain access to them?
  • 1 Hide
    theblackbird , January 19, 2009 6:09 PM
    elerick wrote: "Let's say you lose your password or something along those lines. Can you reformat the drive? I'm curious because I have a few external drives as an IT professional. What options do I have to regain access to them?"


    You can always reformat a drive. I don't see the problem there.

    If you don't have the password for a TrueCrypt-encrypted system or drive, there's no way you can ever access the data on it again.

    One exception: in some cases it might be possible to retrieve the cached password from RAM. This method has been shown to work in an ideal lab situation. I don't see this happening in real life though, because data in RAM is lost in about 30 seconds average, after shutdown.
  • 1 Hide
    theblackbird , January 19, 2009 6:23 PM
    abhinav_mall wrote: "I have just one question. What if Vista (not the boot loader of TrueCrypt) crashes and nothing works, like system restore, and I am left with doing a complete repair reinstall of Vista OS? Will that be possible? I just have a gut feeling that the Vista DVD won't recognize the TrueCrypt layer."


    1. You can boot from the TrueCrypt rescue disk, decrypt your system, do some Vista repair magic, then encrypt again (yup, lengthy)
    2. You can reinstall Vista from scratch (of course, it won't recognize any data on the drive, because it's all encrypted)
    3. You can mount the encrypted system drive from another OS, let's say Ubuntu, and access data on it if you need it prior to reinstalling Vista.
  • 1 Hide
    theblackbird , January 19, 2009 6:43 PM
    naylom wrote: "I note at installation the article says you have to pick single or multi-boot, what happens if you want to add a new o/s later and become multi-boot from single boot? Would also be nice to see a comparison of this versus BitLocker for Windows users."


    Decrypt, install second OS, encrypt. I do suggest you read about dual-booting with TrueCrypt on the TrueCrypt forum. There are several options (and not always easy to understand).
  • 2 Hide
    theblackbird , January 19, 2009 7:12 PM
    A tip for people wanting to experiment with TrueCrypt: do it within a virtual machine with software like VMware. Very good for learning, and you can screw up without consequences. Especially useful when experimenting with dual-boot configs.
  • 0 Hide
    bobbyd , January 19, 2009 8:58 PM
    Does this program work with 64-bit versions of Vista?